Unable to Access The Server Via SSH
Publisher: Psychz Networks, February 24, 2019
Secure Shell, commonly known as SSH, provides seamless communication between two computers, with strong authentication and encrypted data, over an open network such as the internet. The default port for SSH client connections is 22.
Now, there can be many reasons why you are unable to connect to a server using SSH.
1. Our SSH Public Key Is not known to the Server
With attacks and threats increasing, most servers now accept SSH logins only by key file. This makes them more secure against brute-force attacks.
Here is what you can do if the connection fails because the server does not have your public key.
Generate an SSH key pair and protect the private key with a passphrase. Then post the public key on the server under ~/.ssh/authorized_keys
Once this is done, you should be able to connect to the server.
You might still have problems logging in, for the following reasons:
# ssh root@www.demodomain.com
Permission denied (publickey)
This error message has 2 possible causes:
- The private key doesn't have the privilege to log in.
- The public key is either not posted correctly or missing.
Ensure that the local SSH public key and private key are correctly paired. SSH checks whether the public key and private key match; if they do not, it silently refuses to use the private key.
2. Firewall Prevents Us From Connecting
For security reasons, administrators may enforce a strict firewall policy, meaning that only certain source IP addresses can connect over SSH.
# ssh root@www.demodomain.com
ssh: connect to host www.demodomain.com port 22: Connection refused
This may also happen if the system administrator has reconfigured sshd on the server to listen on another port.
# ssh root@www.demodomain.com
3. Host Key Check Fails
Each server has a unique fingerprint. If the server has been re-provisioned, or if you are in fact reaching a different server, the fingerprint will be different. The first time we log in to the server from a local machine, that machine saves the server's fingerprint locally. On the next login, it compares the saved fingerprint with the one the server presents. If the fingerprints don't match, we see this warning:
# ssh root@www.demodomain.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for [www.demodomain.com]:22 has changed,
and the key for the corresponding IP address [45.XX.XX.XX]:22
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
37:df:b3:af:54:a3:57:05:aa:32:65:fc:a8:e7:f9:3a.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:2
remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R [www.demodomain.com]:22
ECDSA host key for [www.demodomain.com]:22 has changed and you have requested strict checking.
Host key verification failed.
If you are confident that the server has been re-provisioned recently, you can ignore this warning and remove the old entry from ~/.ssh/known_hosts; the output above shows the ssh-keygen -R command for doing so.
4. Your SSH Key File Mode Issues
As a self-protection measure, SSH will not use a key file whose access permissions are too open. The file mode should be either 0600 or 0400.
# ssh root@www.demodomain.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: id_rsa
Permission denied (publickey).
Use -v for verbose output: ssh -v $user@$server_ip
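The two client-side causes described in sections 1 and 4 (a private key that is not paired with the posted public key, and a key file mode other than 0600 or 0400) can be checked before connecting. The script below is an added example, not part of the original article; the function names and the script name check_key.sh are assumptions, and it relies only on ssh-keygen -y, which re-derives the public key from a private key.

```shell
#!/bin/sh
# Added example: local checks for "Permission denied (publickey)".
# Function names and the script name in the usage line are assumptions.

# Succeeds only if the private key's mode is 0600 or 0400 (section 4).
key_mode_ok() (
    perms=$(ls -ldL "$1" | cut -c1-10)
    case "$perms" in
        -rw-------|-r--------) exit 0 ;;
        *) exit 1 ;;
    esac
)

# Succeeds only if PUB is the public half of PRIV (section 1).
# ssh-keygen -y re-derives the public key from the private key; a
# passphrase-protected key will prompt for its passphrase.
key_pair_matches() (
    derived=$(ssh-keygen -y -f "$1" | awk '{print $1, $2; exit}')
    stored=$(awk '{print $1, $2; exit}' "$2")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
)

# Succeeds only if the key in PUB appears in an authorized_keys file.
# Matching on the base64 blob tolerates leading options and a changed comment.
authorized_keys_has() (
    blob=$(awk '{print $2; exit}' "$1")
    [ -n "$blob" ] && grep -qF -- "$blob" "$2"
)

# Run the local checks: file mode first, then key pairing.
diagnose_key() (
    priv=$1
    pub=${2:-$1.pub}
    if ! key_mode_ok "$priv"; then
        echo "FAIL: $priv must be mode 0600 or 0400 (chmod 600 $priv)"
        exit 1
    fi
    if ! key_pair_matches "$priv" "$pub"; then
        echo "FAIL: $pub is not the public half of $priv"
        exit 1
    fi
    echo "OK: $priv is protected and matches $pub"
)

# Usage: sh check_key.sh ~/.ssh/id_rsa [~/.ssh/id_rsa.pub]
if [ "$#" -gt 0 ]; then diagnose_key "$@"; fi
```

authorized_keys_has is meant to be run on the server side, against the account's ~/.ssh/authorized_keys, to confirm the public key was posted intact.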